OT: change NT login procedure

Gerald Carter gcarter at valinux.com
Thu Feb 1 01:24:44 GMT 2001


Osama Abu-Aish wrote:
> 
> In many environments NIS is used which sends the 
> passwd-hashes (which are cleartext equivalent) over 
> the wire. And AFAIK LDAP authentication sends also 
> the passwd in cleartext. 

Ummm....These two statements are wrong. DES password 
hashes used in /etc/passwd are not clear text equivalents.  
The use of salt in the encryption key makes a given 
ASCII string hash to a different value each time (as opposed to
lanman/NT hashes, which are plain text equivalents).

Refer to the SASL implementations in the LDAP v3 
RFCs (2251 in particular) for more on LDAP binds.
While there is a simple bind (clear text), this is not 
the only one available.

Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
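
An added illustration of the distinction drawn in the reply above (not part of the original post, and not Samba code): a salted hash that the server checks by re-hashing the submitted password cannot be presented in place of the password, whereas in a challenge-response scheme keyed by the stored hash, the hash alone yields a valid response. PBKDF2-SHA256, SHA-256 and HMAC-SHA256 are stand-ins for crypt(3) DES, the LM/NT hash and the NTLM response computation; all function names and the sample password are assumptions.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions, chosen so this runs on the standard library):
# PBKDF2-SHA256 plays the salted crypt(3) hash, plain SHA-256 the unsalted
# LM/NT-style hash, HMAC-SHA256 the challenge-response computation.

def salted_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def unsalted_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def verify_submitted(salt: bytes, stored: bytes, submitted: str) -> bool:
    """crypt-style login: the server re-hashes whatever string it is sent."""
    return hmac.compare_digest(salted_hash(submitted, salt), stored)

def response(key: bytes, challenge: bytes) -> bytes:
    """Challenge-response login: keyed by the stored hash, not the password."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify_response(stored: bytes, challenge: bytes, resp: bytes) -> bool:
    return hmac.compare_digest(response(stored, challenge), resp)

def demo() -> dict:
    password = "correct horse"          # constructed sample value
    h1 = salted_hash(password, b"ab")   # same password, two salts
    h2 = salted_hash(password, b"cd")
    nt = unsalted_hash(password)
    challenge = os.urandom(8)
    return {
        # Salting: one password, different stored values.
        "salted_values_differ": h1 != h2,
        # No salt: one password, one value everywhere it is stored.
        "unsalted_value_repeats": nt == unsalted_hash(password),
        # Presenting the salted hash in place of the password fails.
        "salted_hash_accepted_as_password": verify_submitted(b"ab", h1, h1.hex()),
        # The password itself still verifies.
        "password_accepted": verify_submitted(b"ab", h1, password),
        # A holder of only the unsalted hash computes a valid response.
        "hash_only_response_accepted": verify_response(nt, challenge, response(nt, challenge)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```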





